CVE-2015-5022

Currently unrated

Key Information:

Vendor: IBM
Status: B2b Advanced Communications
Vendor: CVE Published:; 6 October 2015

Summary

IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2, when access by guests is enabled, place an internal hostname and a payload path in a response, which allows remote authenticated users to obtain sensitive information by leveraging a trading-partner relationship and reading response fields.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IT10702

vendor-advisoryx_refsource_AIXAPAR

http://www-01.ibm.com/support/docview.wss?uid=swg21967334

x_refsource_CONFIRM

Timeline

Vulnerability published
Oct 6, 2015
Vulnerability Reserved
Jun 24, 2015